Jeyavijayan Rajendran

Trustworthy Hardware: Identifying and Classifying Hardware Trojans

For reasons of economy, critical systems will inevitably depend on electronics made in untrusted factories. A proposed new hardware Trojan taxonomy provides a first step in better understanding existing and potential threats.

Security analysis of logic obfuscation

Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.

Security analysis of integrated circuit camouflaging

Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.

Fault Analysis-Based Logic Encryption

Globalization of the integrated circuit (IC) design industry is making it easy for rogue elements in the supply chain to pirate ICs, overbuild ICs, and insert hardware Trojans. Due to supply chain attacks, the IC industry is losing approximately

Leveraging Memristive Systems in the Construction of Digital Logic Circuits

4 billion annually. One way to protect ICs from these attacks is to encrypt the design by inserting additional gates such that correct outputs are produced only when specific inputs are applied to these gates. The state-of-the-art logic encryption technique inserts gates randomly into the design, but does not necessarily ensure that wrong keys corrupt the outputs. Our technique ensures that wrong keys corrupt the outputs. We relate logic encryption to fault propagation analysis in IC testing and develop a fault analysis-based logic encryption technique. This technique enables a designer to controllably corrupt the outputs. Specifically, to maximize the ambiguity for an attacker, this technique targets 50% Hamming distance between the correct and wrong outputs (ideal case) when a wrong key is applied. Furthermore, this 50% Hamming distance target is achieved using a smaller number of additional gates when compared to random logic encryption.

Is split manufacturing secure

The recent emergence of the memristor has led to a great deal of research into the potential uses of the devices. Specifically, the innate reconfigurability of memristors can be exploited for applications ranging from multilevel memory, programmable logic, and neuromorphic computing, to name a few. In this work, memristors are explored for their potential use in dense programmable logic circuits. While much of the work is focused on Boolean logic, nontraditional styles including threshold logic and neuromorhpic computing are also considered. In addition to an analysis of the circuits themselves, computer-aided design (CAD) flows are presented which have been used to map digital logic functionality to dense complementary metal-oxide-semiconductor (CMOS)-memristive logic arrays. As exemplified through the circuits described here memristor-based digital logic holds great potential for high-density and energy-efficient computing.

Nano-PPUF: A Memristor-Based Security Primitive

Split manufacturing of integrated circuits (IC) is being investigated as a way to simultaneously alleviate the cost of owning a trusted foundry and eliminate the security risks associated with outsourcing IC fabrication. In split manufacturing, a design house (with a low-end, in-house, trusted foundry) fabricates the Front End Of Line (FEOL) layers (transistors and lower metal layers) in advanced technology nodes at an untrusted high-end foundry. The Back End Of Line (BEOL) layers (higher metal layers) are then fabricated at the design houses trusted low-end foundry. Split manufacturing is considered secure (prevents reverse engineering and IC piracy) as it hides the BEOL connections from an attacker in the FEOL foundry. We show that an attacker in the FEOL foundry can exploit the heuristics used in typical floorplanning, placement, and routing tools to bypass the security afforded by straightforward split manufacturing. We developed an attack where an attacker in the FEOL foundry can connect 96% of the missing BEOL connections correctly. To overcome this security vulnerability in split manufacturing, we developed a fault analysis-based defense. This defense improves the security of split manufacturing by deceiving the FEOL attacker into making wrong connections.

Design and analysis of ring oscillator based Design-for-Trust technique

CMOS devices have been used to build hardware security primitives such as physical unclonable functions. Since MOS devices are relatively easy to model and simulate, CMOS-based security primitives are increasingly prone to modeling attacks. We propose memristor-based Public Physical Unclonable Functions (nano-PPUFs), they have complex models that are difficult to simulate. We leverage sneak path currents, process variations, and computationally intensive SPICE models as features to build the nano-PPUF. With just a few hundreds of memristors, we construct a time-bounded authentication protocol that will take several years for an attacker to compromise.

Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges

Due to the increasing opportunities for malicious inclusions in hardware, Design-for-Trust (DFTr) is emerging as an important IC design methodology. In order to incorporate the DFTr techniques into the IC development cycle, they have to be practical in terms of their Trojan detection capabilities, hardware overhead, and test cost. We propose a non-invasive DFTr technique, which can detect Trojans in the presence of process variations and measurement errors. This technique can detect Trojans that are inserted in all or a subset of the ICs. It is applicable to both ASICs and FPGA implementations. Circuit paths in a design are reconfigured into ring oscillators1 (ROs) by adding a small amount of logic. Trojans are detected by observing the changes in the frequency of the ROs. An algorithm is provided to secure all the gates, while reducing the hardware overhead. We analyzed the coverage, area and test time overhead of the proposed DFTr technique. To demonstrate its effectiveness in the real world, the proposed technique had been validated by a red-team blue-team approach.

An Energy-Efficient Memristive Threshold Logic Circuit

Globalization of the semiconductor industry and associated supply chains have made integrated circuits increasingly vulnerable to Trojans. Researchers must expand efforts to verify trust in intellectual property cores and ICs.